
Slow PC (and a bit sad too) + Merry Christmas :-)

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Slow PC (and a bit sad too) + Merry Christmas :-)

Post by legnafresca » 24/12/09 15:29

Hi, my PC is slow, so it probably has some junk in it. I looked at a few topics and got myself somewhat organized. I'm posting the Combi and Hijacker reports. Thanks in advance for the advice and help. Since I'm a beginner, I may be a bit slow in doing what you suggest, so please be patient :D but I'll get there, I'll get there...
This is Combi:
ComboFix 09-12-23.05 - Riky 24/12/2009 14.51.38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.448.186 [GMT 1:00]
Eseguito da: c:\documents and settings\Riky\Desktop\ComboFix.exe
AV: F-Secure Anti-Virus 2010 10.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\programmi\SGPSA
c:\programmi\SGPSA\SearchAssistant.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-11-24 al 2009-12-24 )))))))))))))))))))))))))))))))))))
.

2009-12-24 11:49 . 2009-12-24 11:49 -------- d-----w- c:\programmi\CCleaner
2009-12-23 18:08 . 2009-12-23 18:08 -------- d-----w- c:\programmi\Trend Micro
2009-12-21 15:37 . 2009-12-23 16:19 -------- d-----w- c:\documents and settings\Riky\Dati applicazioni\Vidalia
2009-12-20 15:32 . 2009-12-20 15:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-12-20 15:24 . 2009-12-20 15:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-20 13:14 . 2009-12-20 13:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-12-19 15:11 . 2009-12-23 17:09 52224 ----a-w- c:\documents and settings\Riky\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-19 15:11 . 2009-12-23 17:09 117760 ----a-w- c:\documents and settings\Riky\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 15:10 . 2009-12-19 15:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-19 15:08 . 2009-12-19 15:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-19 15:08 . 2009-12-19 15:08 -------- d-----w- c:\documents and settings\Riky\Dati applicazioni\SUPERAntiSpyware.com
2009-12-19 15:05 . 2009-12-19 15:05 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-16 16:40 . 2009-12-16 16:40 0 ----a-w- c:\windows\nsreg.dat
2009-12-16 16:40 . 2009-12-16 16:40 -------- d-----w- c:\documents and settings\Riky\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-16 16:29 . 2009-12-21 15:16 -------- d-----w- c:\programmi\Vidalia Bundle
2009-12-13 18:23 . 2009-12-13 18:23 -------- d-----w- c:\programmi\Search Guard PlusU
2009-12-13 18:23 . 2009-12-13 18:23 -------- d-----w- c:\programmi\Search Guard Plus
2009-12-13 18:22 . 2009-12-13 18:22 -------- d-----w- C:\Program Files
2009-12-13 18:19 . 2009-12-13 18:19 -------- d-----w- C:\users
2009-12-12 16:49 . 2009-12-15 13:27 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-12 16:36 . 2009-12-12 16:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-10 17:29 . 2009-12-10 17:29 -------- d-----w- c:\programmi\BHO Scanner & Remover
2009-12-10 13:11 . 1998-08-05 07:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2009-12-05 13:03 . 2009-12-05 13:03 -------- d-----w- c:\documents and settings\Riky\Dati applicazioni\Malwarebytes
2009-12-05 13:02 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 13:02 . 2009-12-05 13:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-05 13:02 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 13:01 . 2009-12-05 13:03 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-05 12:54 . 2009-12-05 12:54 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 12:53 . 2009-12-05 12:53 -------- d-----w- c:\programmi\MSBuild
2009-12-05 12:53 . 2009-12-05 12:53 -------- d-----w- c:\programmi\Reference Assemblies
2009-12-05 09:43 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-05 09:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-05 09:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-05 09:41 . 2009-12-05 09:44 -------- d-----w- C:\8105a884d4b9f29a01a5
2009-12-05 08:50 . 2009-12-05 08:50 -------- d-----w- C:\839d6ebd1900eaa6e90fca03
2009-12-05 08:49 . 2009-12-05 08:50 -------- d-----w- C:\f0a17498ba5cfb2c47
2009-12-04 19:41 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-04 19:41 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-04 19:41 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-04 19:41 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-04 19:41 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-04 19:41 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-04 19:41 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-04 19:41 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-04 19:38 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-04 19:25 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-04 19:24 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-04 19:24 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-04 19:16 . 2009-08-04 17:26 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-04 19:15 . 2009-08-04 17:26 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-04 19:15 . 2009-08-04 17:26 2069760 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-04 19:08 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-04 19:08 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-04 19:07 . 2008-04-21 21:14 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-04 13:12 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-04 13:12 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-04 11:37 . 2009-12-04 11:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\F-Secure
2009-12-04 11:37 . 2009-12-04 17:07 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-12-04 11:36 . 2009-07-09 09:33 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-12-04 11:30 . 2009-12-04 17:11 -------- d-----w- c:\programmi\F-Secure
2009-12-04 11:24 . 2009-12-04 16:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\fssg
2009-12-04 11:19 . 2009-12-04 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\f-secure
2009-12-04 09:25 . 2009-12-21 15:01 -------- d-----w- c:\programmi\PC-Clean
2009-12-04 07:43 . 2009-12-24 11:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-04 07:43 . 2009-12-04 10:42 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-01 17:39 . 2009-12-01 17:39 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-12-01 17:36 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-01 17:36 . 2009-12-01 17:36 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-12-01 17:30 . 2009-12-01 17:51 -------- d-----w- c:\programmi\Microsoft
2009-12-01 07:25 . 2009-12-01 07:25 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-11-24 16:26 . 2009-11-24 16:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-24 16:20 . 2009-11-24 16:20 -------- d-----w- c:\programmi\File comuni\Apple
2009-11-24 16:20 . 2009-11-24 16:20 -------- d-----w- c:\documents and settings\Riky\Impostazioni locali\Dati applicazioni\Apple
2009-11-24 16:20 . 2009-11-24 16:20 -------- d-----w- c:\programmi\Apple Software Update
2009-11-24 16:20 . 2009-11-24 16:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-11-24 16:19 . 2009-11-24 16:19 -------- d-----w- c:\documents and settings\Riky\Impostazioni locali\Dati applicazioni\Apple Computer
2009-11-24 16:11 . 2009-11-24 16:28 -------- d-----w- c:\programmi\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 17:07 . 2009-03-06 14:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-12-12 19:02 . 2009-03-06 14:56 -------- d-----w- c:\programmi\Google
2009-12-10 06:23 . 2004-08-19 12:00 485564 ----a-w- c:\windows\system32\perfh010.dat
2009-12-10 06:23 . 2004-08-19 12:00 82616 ----a-w- c:\windows\system32\perfc010.dat
2009-12-07 15:15 . 2008-10-09 03:07 44512 ----a-w- c:\documents and settings\Riky\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-04 17:59 . 2008-10-09 07:31 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-04 17:58 . 2008-10-09 07:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-01 17:50 . 2009-05-14 12:58 -------- d-----w- c:\programmi\Windows Live
2009-11-23 20:20 . 2009-11-23 20:20 -------- d-----w- c:\programmi\Citrix
2009-11-23 20:19 . 2009-11-23 20:19 70984 ----a-w- c:\documents and settings\Riky\g2mdlhlpx.exe
2009-10-29 07:42 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2004-08-19 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-19 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-19 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-19 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-19 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-19 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-30 16:36 . 2009-09-28 13:15 559 ---ha-w- C:\os678647.bin
2009-03-06 14:54 . 2009-03-06 14:54 1046656 ----a-w- c:\programmi\Google_Updater.exe
.

------- Sigcheck -------

[-] 2008-10-09 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-10-09 . 1DBD3966123AC2F6ADE783F7F17F8C7F . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-07-22 163840]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2008-07-04 106496]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2002-05-09 303104]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-09-05 126976]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2002-09-05 557056]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"F-Secure Manager"="c:\programmi\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\programmi\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-12 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2005-03-28 12:25 1011712 ----a-w- c:\programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [04/12/2009 12.37.34 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [04/12/2009 12.36.35 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\F-Secure\HIPS\drivers\fshs.sys [04/12/2009 12.33.42 68064]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [04/12/2009 12.31.16 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmi\F-Secure\ORSP Client\fsorsp.exe [04/12/2009 12.33.45 55936]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [16/12/2002 18.09.00 814277]
S2 gupdate1c99e6be08b9b90;Servizio di Google Update (gupdate1c99e6be08b9b90);c:\programmi\Google\Update\GoogleUpdate.exe [06/03/2009 15.57.27 133104]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22/03/2005 2.17.34 450400]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys [04/12/2009 12.31.19 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\F-Secure\Anti-Virus\win2k\fsrec.sys [04/12/2009 12.31.19 25184]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Riky\Dati applicazioni\Mozilla\Firefox\Profiles\8cg5s35m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-ANIWZCS2Service - c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
AddRemove-SiS7012 - c:\programmi\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 15:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\programmi\f-secure\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(600)
c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
c:\programmi\f-secure\hips\fshook32.dll
.
Ora fine scansione: 2009-12-24 15:10:09
ComboFix-quarantined-files.txt 2009-12-24 14:09

Pre-Run: 25.045.602.304 byte disponibili
Post-Run: 25.053.147.136 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 070381FACED1A8CD4142D502C30EE9C5
This is Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.15.58, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure\Common\FSHDLL32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\sistray.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4868639893
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmi\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Servizio di Google Update (gupdate1c99e6be08b9b90) (gupdate1c99e6be08b9b90) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

--
End of file - 7912 bytes
Thanks for the help and Merry Christmas
legnafresca
Newbie

Posts: 3
Joined: 24/12/09 15:18


Re: Slow PC (and a bit sad too) + Merry Christmas :-)

Post by Luke57 » 24/12/09 16:09

Hi, I don't think I see any virus threats in the reports. Merry Christmas.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Slow PC (and a bit sad too) + Merry Christmas :-)

Post by legnafresca » 24/12/09 16:23

Thanks for the quick reply.
That's good news. What I still have to work out is how to thoroughly clean out everything from adware to trojans that manages to get in anyway. I've lined up my battleship in defense, but they sneak in somewhere, like Doubleclick (from Google, I found out), click bank and other niceties of that kind. First I'll poke around on Google to see if I can find out how to remove them; if I can't, I'll bother you again. Thanks again for the service you offer (really excellent), and best wishes once more.
legnafresca
Newbie

Posts: 3
Joined: 24/12/09 15:18

